Rather than demanding that software developers have the kind specialist knowledge required to build secure software from fundamental building blocks, programming languages and their associated tooling should focus more on what software developers are trying to achieve in the security domain. This shift of emphasis would reduce the number of expert decisions required from inexpert developers as they go about their routine tasks.